
3 Ways to Prove ROI in SAP Security


Markus Schumacher, CEO, Virtual Forge
For years, CIOs have focused on risk management as a key selling point for validating their budgets to the rest of the C-suite. And while that may have gotten them a decent enough budget to implement enterprise security and beef up in-house infrastructure, it's not enough to really make top-level executives sit down and take notice. Any department head can tell you that even though risk mitigation can ultimately save companies millions of dollars a year in prevention, it doesn't do much for convincing higher-ups to keep your enterprise security budget from getting slashed if cuts are being made.
These days, though, it pays dividends to pay attention to SAP security. All you need to do is look at the last year and the immense number of enterprise companies that had their bottom line directly impacted by data breaches and cyber attacks. In fact, taking a reactive approach to cybersecurity is a sure-fire way to lose money. Luckily, understanding how to speak the language of the C-suite and help non-IT executives understand the role that SAP security plays in contributing to overall revenue can make everyone's lives easier.
The Benefits of Proving an ROI on your SAP Security Investment
The benefits of being able to show a real return on investment on SAP security are pretty obvious from an enterprise standpoint. For starters, it helps make a strong case for getting budget allocation for improving security on key SAP programs that manage large volumes of sensitive customer data, proprietary company information, and critical operational procedures. Even a seemingly small vulnerability in SAP security can disrupt enterprise operations, often causing millions of dollars in damage and lost revenue. A 2016 report from IBM and the Ponemon Institute found that the average company cost for a data breach was $3.8 million dollars, so it comes as no surprise that a small SAP security investment can more than cover its cost when compared to the average financial damage that a breach can cause.
SAP security won't drive company revenue, but it absolutely will prevent financial loss if it's implemented and executed well
Challenges of Proving ROI
The problem of showing ROI in SAP security investment is really about how to quantify risk prevention and present it as financial loss prevention. SAP security won't drive company revenue, but it absolutely will prevent financial loss if it's implemented and executed well. Cyber attacks are so commonplace these days, it's more a question of when they will hit your organization - not if. A 2015 study by Duke University and CFO Magazine found that 80 percent of US companies had been successfully hacked. And this doesn't even include companies that have hacks that aren't publicized. To make a case for a return on investment in SAP security, the focus needs to be on the cost of a data breach and how that will ultimately affect the company.
Risk = Probability of an Adverse Event Happening x The Cost of the Adverse Event
Since the cost of adverse events can vary and the probability of an adverse event is largely dependent on company size, skills, time and their budget, these four factors can be used to help make a better case for investing in SAP security. Keep in mind; while there are methodologies like ALE (Annualized Loss Expectancy), it's still hard to calculate these numbers given the lack of reliable data available.
1. Cost of SAP Security vs Credit Ratings - In 2015, Moody's Investors Service announced that cyber security would become a higher priority in company credit ratings. With cybersecurity attacks becoming more prevalent, it's making companies and municipalities more at risk for operational disruption - all of which can have serious repercussions on company revenues and stock prices. Moody's—the New York based investor service that offers credit ratings for debt securities—now takes cyber security attacks and vulnerabilities into account when setting a credit rating. These ratings strongly affect the value of government and corporate bonds, which can have a strong effect on the cash flow of an organization.
2. Cost of SAP Security vs Increased Cost of Operational Overhead - Not only did Moody's integrate cyber security threats into their equation for valuing credit ratings, but FICO announced in 2016 that they had acquired a predictive analytics company to predict the likelihood of enterprise security attacks. Their new Enterprise Security score will affect everything from the cost of business and liability insurance to evaluating third-party vendors, which can have a very real impact on the bottom line.
3. Cost of SAP Security vs Cost of Data Breach - We know that the average cost of a data breach for an enterprise company is $3.8 million, so one of the easiest ways to prove ROI for SAP security is to use the same equation above (x = probability of an event happening x cost of the event) and fill in the blanks. Finding a direct ROI in a risk mitigation service is based on taking the original risk score defined as a dollar amount, subtracting what the risk would be after implementing a solution, and then comparing the result to the cost of implementing a solution.
Featured Vendors
projektraum36 / p36.labs: Delivering Native SAP Cloud-based Solutions for the Life Sciences Industry
My Supply Chain Group (MSCG): Enabling the Intelligent Enterprise and Digital Supply Chain through SAP
Configurable Management: Get Control of your SAP Master Data and Automate Manual Business Processes—Rapid Deployment Solutions
Global Software, Inc: Creating the Ultimate Excel-based SAP Reporting Platform with Spreadsheet Server
EDITOR'S PICK
Essential Technology Elements Necessary To Enable...
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
Comparative Data Among Physician Peers
By George Evans, CIO, Singing River Health System
Monitoring Technologies Without Human Intervention
By John Kamin, EVP and CIO, Old National Bancorp
Unlocking the Value of Connected Cars
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
Digital Innovation Giving Rise to New Capabilities
By Gregory Morrison, SVP & CIO, Cox Enterprises
Staying Connected to Organizational Priorities is Vital...
By Alberto Ruocco, CIO, American Electric Power
Comprehensible Distribution of Training and Information...
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
The Current Focus is On Comprehensive Solutions
By Sergey Cherkasov, CIO, PhosAgro
Big Data Analytics and Its Impact on the Supply Chain
By Pascal Becotte, MD-Global Supply Chain Practice for the...
Technology's Impact on Field Services
By Stephen Caulfield, Executive Director, Global Field...
Carmax, the Automobile Business with IT at the Core
By Shamim Mohammad, SVP & CIO, CarMax
The CIO's role in rethinking the scope of EPM for...
By Ronald Seymore, Managing Director, Enterprise Performance...
Driving Insurance Agent Productivity with Mobile and Big...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
Transformative Impact On The IT Landscape
By Jim Whitehurst, CEO, Red Hat
Get Ready for an IT Renaissance: Brought to You by Big...
By Clark Golestani, EVP and CIO, Merck
Four Initiatives Driving ECM Innovation
By Scott Craig, Vice President of Product Marketing, Lexmark...
Technology to Leverage and Enable
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
AI is the New UI-AI + UX + DesignOps
By Amit Bahree, Executive, Global Technology and Innovation,...
Evolving Role of the CIO - Enabling Business Execution...
By Greg Tacchetti, CIO, State Auto Insurance
Read Also
Balancing Innovation and Standardization
Leveraging Quality Engineering and DevOps to thrive in the face of...
Pioneering the Future Through Technology Innovation
Reimagine Naval Power
The Shifting Enterprise Operating System Ecosystem Is Helping...
Digital TRANSFORMATION: Challenge the Status Quo, Be Disruptive.
